I need to know the login history for specific user (i.e. login and logout time), How do I extract this history for a specific date range in Linux ?
Asked
Active
Viewed 2.5e+01k times
3 Answers
44
If you need to go further back in history than one month, you can read the /var/log/wtmp.1 file with the last command.
last -f wtmp.1 john will show the previous month's history of logins for user john.
The last log output isn't too heavy and relatively easy to parse, so I would probably pipe the output to grep to look for a specific date pattern.
last john | grep -E 'Aug (2[0-9]|30) ' to show August 20-30. Or something like:
last -f /var/log/wtmp.1 john | grep -E 'Jul (1[0-9]|2[0-9]|30) ' to acquire July 10-30 for user john.
ewwhite
- 198,150
22
How to extract login history for specific date range in Linux?
An example to list all users login from 25 to 28/Aug:
last | while read line
do
date=`date -d "$(echo $line | awk '{ print $5" "$6" "$7 }')" +%s`
[[ $date -ge `date -d "Aug 25 00:00" +%s` && $date -le `date -d "Aug 28 00:00" +%s` ]] && echo $line
done
awk '{ print $5" "$6" "$7 }'to extract the date time at corresponding column fromlastoutput+%sto convert datetime to Epoch time-gestand for greater than or equal-lestand for less than or equal
You can also do it for specific user with last <username>.
-
1That's a mighty-ugly expression. Wouldn't grep be cleaner since
lastoutput is pretty readable? – ewwhite Aug 28 '11 at 13:33 -
3
-
1
-
-
1@ewwhite the expression looks beautiful to me, if you dont like the look of bash syntax this may not be the site for you. – ekerner Oct 18 '17 at 06:53
-
1
-
Note that the "equal to or less than" function does NOT work; i.e. I have to choose May 16 in order to include logins from May 15. I'm not sure if this also applies to the first one as well. In any case, great answer and thanks! – lobi Sep 06 '19 at 22:07